Shared Secrets – The NSA Knows More Than They Should
Lovers of freedom know that a limited government is the only way to achieve it. Limiting our government in the modern age means also limiting how it uses our personal data.
If you want to keep a secret, don’t tell anyone. The only way to be sure data is not used improperly is not to allow them to collect it.
Here is President Obama (via CBS) talking about the NSA surveillance program:
From the transcript:
I think, on balance, we — you know, we have established a process and a procedure that the American people should feel comfortable about. But again, this — these programs are subject to congressional oversight and congressional reauthorization and congressional debate. And if there are members of Congress who feel differently, then they should speak up.
The data is covered by bureaucratic rules and procedures, and the people who are tasked with monitoring it are “professionals”. So were the IRS agents who targeted tea party and conservative groups.
The argument that we should substitute some secretive bureaucracy, its rules, and the integrity of the people who staff it, for Fourth Amendment protections should be a punch line. We have the Fourth Amendment so that we don’t have to trust the integrity of people.
That is the system we should follow: unless you have sufficient suspicion of a particular citizen’s particular possessions, hands off:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Now, lawyers say that data held by phone companies is company property, not that of the customer. However, customers have a means of addressing concerns with a given company if the provider decides to share customer data with, say, a telemarketing firm or a political party. It’s part of the deal customers make with the telecom provider under the terms of service agreement.
But if the government says to all such firms that they must share the data, there is no way to bargain with the provider other than not to use the services of an entire industry. Going off the grid is a nice theoretical out, but it simply is not practical in the modern world.
And given that the sharing has until now been a secret, customers have had no way to know they were disclosing their information to the government.
The data is there just in case some arm of the federal leviathan, or some overzealous mandarin, decides that your use of the phrase “miserable failure” in connection with the president justifies digging into your associations.
As Daniel Amico says,
Metadata helps the NSA create a map or network of associations for every citizen. All the agency has to do is open its data storage tanks and run some analysis. And the metadata is being stored forever. After all, why would the government throw away such a treasure trove? Why would it invest billions in hyper-advanced data storage facilities just to delete it all every year or so?
If you want to keep a secret, you don’t tell it to only a select few “trustworthy” people. You don’t tell it to anyone, or at least only to those who need to know it.
Information security practitioners call it the Principle of Least Privilege. To maintain confidentiality of data, only the people who need access to it should be given that access.
Consider the password to your email account. You might give it to your spouse, because if something were to happen to you, you would want them to have it. Would you give it to your babysitter?
While you trust your babysitter with your children, you would be foolish to give her your Facebook or email password. Even if she promised only to use it if she had no other way to get email, you would probably not share that information with her.
You would be acting on the Principle of Least Privilege. Your babysitter needs access to your children to do her honored work, but even so she does not need access to your email account.
Even if your babysitter says she can take care of your children better with your email password, you would deny that access and probably not use that babysitter again. That information is not needed to do her job.
Similarly, the federal government does not need access to our phone records in order to defend against terrorist attacks. As the Baltimore Sun reported, General Keith Alexander, head of the NSA and U.S. Cyber Command, testified that:
Most of the plots were foiled by surveillance of foreigners overseas, the kind of spying the NSA has done since it was created in 1952 to monitor communications and other signals intelligence.
Alexander said 10 of the 50 cases might have involved domestic telephone records, but could not say how many actually did.
So the NSA can’t really say that their data collection has led to anything at all. Even if it had led directly to preventing attacks or catching terrorists, who is to say it is the only method that could have worked?
Like a babysitter you hire to watch your most precious loved ones, you want the NSA to do an important job, but you don’t want it to cost too much or pry into your secrets to do it.
The only way to prevent governmental abuse of your private information is not to let the government have it in the first place.